The CIA's online database of declassified documents reveals the computer security concerns of an intelligence working group.
Cybersecurity circa 1968
The U.S. government has been in the cybersecurity business for a long time. In 1968, the CIA added a computer security subcommittee to the U.S. Intelligence Board, a governmentwide body convened by the CIA to coordinate intelligence efforts.
The agendas, minutes and reports, with some redactions, are available via the CIA's declassified CREST database, which was recently put online. The documents show the intelligence community beginning to grapple with many of the problems of access control, physical security, contractor access, data verification and other issues that continue to plague government agencies today.
The group included representatives from the military services, the FBI, the State Department and the National Security Agency. There are hundreds of documents that turn up in CREST in response to a search for the work of the subcommittee, and in many if not all of these, the identity of the CIA official charged with leading the group is redacted.
In February 1969, subcommittee participants were instructed to list in order of priority their computer security problem areas. The NSA member said that access control topped the list, followed by computer malfunctions, information classification and physical security.
An Air Force member wanted to prioritize the development of a method to securely erase the drums of magnetic storage tape containing highly classified information, when those tapes needed to be decommissioned. The Navy concurred in this judgement.
The Defense Intelligence Agency sought to come up with a working definition of a system and its components as a first step to developing a computer security standard.
In one memo, the group takes a deep dive into the possibility of hacks by rival foreign intelligence services, or in the parlance of the times, "the postulated threat of hostile penetration of our computer operations." The memo is undated, but was responding to a request from Jan. 19, 1970, for a look at how intelligence agency systems could be exploited.
The subcommittee asked CIA counterintelligence personnel to look for possible examples of intrusion or exploitation by rivals. According to the memo's findings, the CIA and the FBI "were able to provide information on several cases involving hostile attempts to exploit either personnel associated with Community computer operations or personnel employed by American computing manufacturers having potential contact with government operations."
Additionally, that report confirmed the existence of vulnerabilities in intelligence community systems that were postulated as possible threats in a draft of a classified Defense Science Bureau Task Force report from January 1970 -- including one flaw that allowed for system-wide memory dumps to be initiated by programmers who were only supposed to have limited access. Another bug from back in the days of magnetic tape storage allowed users to bypass storage protection features of the IBM 360 system to access program data.
NEXT STORY: Can DHS push harder on biometrics?